On Sat, 05 Oct 1996 07:57:22 -0700, John Fricker wrote:
Microsoft claims C2 or higher for NT and deserves any ragging they get if it's not. Ditto for any other vendor who claims one thing and sells another.
You ought to read about C2. DIdn't Steve Martin say something like "criticize things you don't know about".
Okay, correct me if I'm wrong on this (as if you wouldn't...): 1. Microsoft markets NT with C2 security 2. Numerous industry magazines report that you can bypass NTFS file security by booting off of a diskette and using NTFSDOS. 3. Numerous industry magazines (and I believe MS finally mentioned it in some routine status update) all say that NT should now be considered C2 *ONLY* on machines w/o floppy drives. Sounds like they weren't quite honest on this one. Or are you trying to say that security-by-obscurity (relying on NTFS's then lack of external mounting programs) was a good choice?
BTW: Bizarre NT Quirk #15413 - The Administrator account does not have access to the entire disk. You got it - if you're the administrator you still cannot look into certain directories belonging to another user - even if you've given all access privileges to the Admin account. Got a few chuckles at work.
It's not rocket science to defeat this. The administrator is prevented from casually peering >into user owned directories but any administrator worth a nickle can tap tap click and have >access to any directory.
I know that you can get in there. It just seemed odd that it would be setup by default... # Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp # <cadams@acucobol.com> | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)